CVE-2007-4314

Pixlie 1.7 - Denial of Service via Remote Directory Tree Processing

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4314. PoCs published by Rizgar.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Pixlie 1.7, allowing remote attackers to disclose arbitrary files by manipulating the 'root' parameter in pixlie.php. The PoC shows how to read /etc/passwd by injecting a null byte to terminate the path.

Description

pixlie.php in Pixlie 1.7 allows remote attackers to trigger the reading and JPEG image processing of files in a remote directory tree via a URL in the root parameter. NOTE: this can be leveraged for traffic amplification or other denial of service.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rizgar · textwebappsphp

https://www.exploit-db.com/exploits/4278

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Pixlie 1.7, allowing remote attackers to disclose arbitrary files by manipulating the 'root' parameter in pixlie.php. The PoC shows how to read /etc/passwd by injecting a null byte to terminate the path.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Pixlie 1.7

No auth needed

Prerequisites: Target must be running Pixlie 1.7 with exposed pixlie.php

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4278

Scores

EPSS 0.0181

EPSS Percentile 75.8%

Details

Status published

Products (1)

pixlie/pixlie 1.7

Published Aug 13, 2007

Tracked Since Feb 18, 2026